Former badboy hacker Mitnick now pitching subpar security productHmm Reviews, Hmmcast, customer adventures — by TDavid @ 4:20 pm PST
  (1 votes, average: 4 out of 5) Loading ... |
Hmmcast #127 mp4
Kevin Mitnick.
I’m sure many Hmm readers have heard that name. Mitnick was a well known bad guy hacker who did a couple years in the pen. An article in the June 2007 issue of Playboy describes the mistake he made that got him caught. When he got out he turned author and whitehat security consultant. He’s a new man, or so that’s what we are supposed to believe.
A few days ago I was listening on the radio to a commercial about a product that Mitnick endorsed which would make your experience banking online more secure. It’s a “hardened solution” according to Mitnick since it doesn’t just rely on software. The product sounded worth closer investigation (hey, maybe Google is right to be doing radio advertising, it still works). The product name?
The radio ad mentioned it was available at Best Buy stores everywhere. I stopped by our local Best Buy and they didn’t have any in stock but there were 19 in the warehouse. The manager told me he was ordering some right away and would be stocking them near the laptop display.
Went back home and searched the Best Buy website. The Federal Way store had two copies. I called and asked if they’d hold one since it was a 30 minute drive. I was told they don’t do that. Oh well, didn’t hurt to ask. We arrived at the store 35 minutes later and both copies were still there at the price of $49.99.
Got home and installed ID Vault. I had the understanding — wrong, it would seem — that ID Vault worked with Firefox. Not for me. The ID Vault FAQ says it does but I never received any of the ID Vault prompts when I visited and tried to login to any sites with Firefox and the instruction manual only mentions Internet Explorer.
Not only a Windows-only deal, but Internet Explorer only too? I tried firing up Internet Explorer once ID Vault was installed and it crashed right away. I uninstalled ID Vault and Internet Explorer loaded right away without incident.
Argh.
Before uninstalling I checked the ID Vault database to see if Sharebuilder was one of the brokerages it worked with? Nope. T. Rowe Price was listed however. The Credit Union we use was listed. ID Vault was noticeably slow retrieving the site information.
The way ID Vault promises to secure you is by requesting a pin number to transmit your username/password. The information is stored on the ID Vault USB key. So when you want to visit one of the secure websites you just click on it and it looks for the ID Vault USB key. When you enter in your site username and password you don’t use the keyboard which would prevent a keylogger from seeing it. The methodology used already doesn’t have me typing out the passwords (I generate them using eWallet which has 256-bit encryption and then copy/paste to the sites), so the ID Vault was just adding another largely unnecessary layer of security. Plus, it doesn’t stop any hacker that has already gotten the username/password from using any computer.
ID Vault would be better if it offered some sort of number challenge that could only be generated from the USB key like the PayPal security key. I wanted to like and use ID Vault but in its current condition I would have been better donating the 50 bones to charity. You can save $20 if you order ID Vault through their website but that’s your call. I hope Mitnick was paid well to pitch this because anything he endorses going forward will meet with much greater skepticism from this consumer. Uninstalled. Grade: F.
Update July 5, 2007 7:01pm PST: Greg Greg Marek, Vice President of Marketing for Guard ID Systems, Inc. stopped by in the comment section below to point out that the version of the software that came with my purchased version of ID Vault probably wasn’t the new beta version that supports Firefox 2.0 due to manufacturing to retail lag time. I’ve asked him to continue the dialog and address if the Firefox version is the same as ID Vault or if there are any differences (I.E less functionality). Also asked him if T. Rowe Price is now supported as it wasn’t a month ago and he made it sound as it was easy to get support for that included by just asking them to do so. Consider this my blog post my formal request, Greg.
Related Posts- Hello old media, bloggers who don’t use their legal names aren’t “anonymous sources”
- Advertisers plan to reduce TV commercial budget by twenty percent, says study
- Another disruptive worm on the way
- Hmmcast #8: volcanoes, towels and contest
- Effective January 1, Clear Channel reduces commercial time
- Popular Vegas show illusionist Roy mauled by white tiger
Hi there- I work with Kevin, as his speaking agent, and I truly appreciated the feedback you provided here. I sent it directly to the company contact that we have at GuardID and hope they read it, too.
At the very least, know that I take your feedback seriously and Kevin has read it as well– and your candor is welcome.
Thanks again–
Amy
Comment by Amy Gray — June 13, 2007 @ 6:26 am PST
Thanks for passing along the word, Amy.
Comment by TDavid — June 13, 2007 @ 7:10 am PST
[…] problematic when you put your name on something that sucks. I bought and reviewed a product called ID Vault that Kevin Mitnick was promoting and found the product to be lacking. Result? Credibility hit for […]
Pingback by Some Federated Media bloggers accused of not using proper disclosure in Microsoft campaign » Make You Go Hmm — June 23, 2007 @ 10:43 am PST
I’m with Guard ID Systems, the manufacturer of ID Vault. First, let me say that I’m disappointed to learn that you had a frustrating experience with ID Vault. I’d like to take this opportunity to address your comments:
1. ID Vault out of stock at Best Buy: I apologize that you had trouble finding ID Vault, and that the Best Buy near you was out of stock. Customer demand for ID Vault is so high that Best Buy has had trouble keeping the product on the shelves. We have addressed this issue with Best Buy and trust that they are working to ensure that ID Vault is in stock at their stores.
2. Firefox: We released support for Firefox 2 in May, 2007. It appears that the ID Vault you purchased was most likely manufactured and shipped prior to the release of the new ID Vault software that supports Firefox. The latest version of the ID Vault software can always be downloaded from the “Support” section of the www.IDVault.com Web site. You need to have the ID Vault software that includes Firefox support before you can run ID Vault with Firefox.
3. Financial Sites: The ID Vault Trusted Network is comprised of more than 7,000 financial sites, and ID Vault is guaranteed to work with the financial sites you transact with. If you have an account with a financial site that is not currently part of the ID Vault Trusted Network, you can simply submit the site to us for inclusion in the Trusted Network. Once we validate and verify the site, it will be added to our ID Vault Trusted Network and made available to all of our customers.
We take your comments seriously, and I’m pleased to have had this opportunity to address them. Again, I apologize that your experience with ID Vault was a frustrating one, and I encourage you to contact us if you run into problems with the product, as our support team would be delighted to help you out.
Best Regards,
Greg Marek
Vice President of Marketing
Guard ID Systems, Inc.
Comment by Greg Marek — July 5, 2007 @ 3:37 pm PST
[…] what the reporter was interested in here at Hmm. I did a review last month for the program ID Vault. As readers know I write lots of reviews for lots of different products and services we buy and I […]
Pingback by Hello old media, bloggers who don’t use their legal names aren’t “anonymous sources” » Make You Go Hmm — July 5, 2007 @ 6:27 pm PST
Hi Greg - Thanks for stopping by. Before I get to addressing your specific comments, I’m curious how you found this post. Was it after a reporter tipped you off today or some other way? Timing seems a little coincidental here.
“1. ID Vault out of stock at Best Buy”
Minor correction. ID Vault was not actually out of stock. They had a bunch of them sitting in their warehouse. 19 boxes if my memory serves. They just didn’t have any at our closest location although the manager said he was ordering them. There were two of them at the Federal Way store.
“The latest version of the ID Vault software can always be downloaded from the “Support” section of … ”
Why not a link to the support downloads section directly, here’s the link for readers (and I’ll update the post above for others who buy the product and don’t get the most current version:
http://www.guardid.com/support/downloads.php
Your download page indicates “beta support for Firefox 2.0″ — what exactly does that mean? Are there parts of ID Vault for Firefox 2.x that don’t work with Firefox yet because it’s still in beta? The instruction manual that comes with ID Vault only shows Internet Explorer examples and as I mentioned in the review I had problems getting that to function on our test machine.
Your explanation is a good one though as I do understand manufacturing to retail stores can be a few months lagged, but with all the radio advertising you’d think there would be a better message to customers about this on your website which simply shows support for Firefox but doesn’t say one word — even today, a month after this review — about needing to download the newest beta software to get that support.
“If you have an account with a financial site that is not currently part of the ID Vault Trusted Network, you can simply submit the site to us for inclusion in the Trusted Network. Once we validate and verify the site, it will be added to our ID Vault Trusted Network and made available to all of our customers.”
The way I see it, I did better than that on June 6 and here it is July 5. Have you added support for T. Rowe Price yet? T. Rowe Price isn’t exactly some ma and pa broker on the web. I find it a bit hard to swallow that with the popularity of ID Vault you cite that I’m the first and only customer to point out that T.Rowe Price isn’t supported by ID Vault.
Comment by TDavid — July 5, 2007 @ 6:38 pm PST
ID Vault customer support has no telephone support. Yes you can email them and you will get an automated reply to point you to the FAQ. I don’t consider this support.
If your bank, brokerage site, etc. is on their list of sites, great. If your site is not on their list ID Vault is supposed to allow you to list your user name and password anyway. Not with my ID Vault.
I logged into multiple secure web sites and never once did ID Vault offer to add the web site to the USB device.
And to top off insult to injury ID Vault wants to charge you $39.95 per year for their service! No, no, no, this is too much money for too little product!
Comment by J Ostromecky — January 4, 2008 @ 4:45 am PST
Gentlemen: I’ve heard the Radio Ads on Hottalk KSFO and was interested in purchasing this product, however, the Gentlemen’s criticism sounds reasonable & legitamate. I don’t think I’ll buy this product until I hear that the “bugs” have been worked out….I hope you’ll include reference to the resolution in your Radio ads. Also, do you guarantee your service? (like LifeLock?) It sounds as if a dishonest employee could steal lots of customer data and really cause destruction - of your customers and your business reputation too. How confident are you??? Is there any guarantee?? Thanks for earliest response. Sarah Baldwin
Comment by sarah baldwin — March 8, 2008 @ 1:13 am PST
it froze my computer!!!! on every website that I put in passwords into ID vault. uninstalled it and was able to get back my banking connections but still can not log into a newspaper site.. very bad software… It even migrated over to my IMAC which connects to my PC wireless.. anyone have any ideas about cleaning out the rest of this mess???? am returning it to Costco tomorrow.
Comment by esoehnel — April 26, 2008 @ 3:06 pm PST
When the !@#$ thing works it takes 2 or 3 forevers to connect. Since installation everything runs slower. Norton secure sign in was so much faster and simpler working
Comment by Wayne Douglas — May 23, 2008 @ 4:08 pm PST